NSTIC-led ID plan earmarks $4 million to secure state government services

The two-year-old initiative to create an identity layer for the internet is backing a set of projects aimed at creating identity-based security to support state and local government services online.

The National Program Office (NPO) of the National Strategy for Trusted Identities in Cyberspace (NSTIC) is working with the Office of Management and Budget (OMB) to fund at least two projects that would split up to $4 million and be aimed at developing verification systems to support citizen access to any number of services or agencies. A call for project proposals will go out in the next 45 days.

The projects eventually selected will be aimed at showcasing integration with the NSTIC "identity ecosystem". Selection will favor projects that "demonstrate the potential for interoperability of an identity credential from a private identity provider with both state and federal programs".

The idea is that a secure credential will not only facilitate use of services, but stimulate efforts to bring more services online and to make all services more secure. The hope is that the secure credential will integrate across agencies, speed up activation of services, and help track that the proper payments make it to the correct citizens.

This is the second round of pilot programs NSTIC has launched this year. The earlier round, which drew 70 respondents, was a general call for plans to help build out NSTIC's proposed identity ecosystem.

In September 2012, the initial set of NSTIC pilot grants awarded $9 million to five projects. The projects include a program within the Commonwealth of Virginia for creating a shared authentication across state agencies.

These new specific state and local government pilots will be funded by the OMB's Partnership Fund for Program Integrity Innovation, which is a federal program established by Congress in 2010.

The fund enables federal, state, local, and tribal agencies to pilot ideas for improving assistance programs in a controlled environment. NSTIC thinks state governments add value to its identity ecosystem strategy not only as credential providers, so-called identity providers (IdP), but also, more importantly, as relying parties.

Relying parties are those sites that agree to trust credentials issued by an IdP. To date, it has been difficult finding sites and organizations willing to be relying parties.

There are other major hurdles involved in injecting identity into public benefits programs, including privacy, data storage, and high costs.

As part of the NSTIC-OMB announcement, the pair gave these examples of issues that need to be addressed in any state government program:

• Concerns about applicant and beneficiary privacy, such as concerns that identity proofing techniques may be too intrusive, as well as concerns that data collected will be inappropriately shared with other programs or parties.

• Difficulties conducting identity proofing and ensuring that commonly used identity proofing approaches can adequately cover the beneficiary population.

• High per-user costs of many identity solutions, some of which even exceed the budgets of agencies, particularly when the solution would only be used in a single service, as well as challenges demonstrating the ability to show how costs could be recovered.

• Security challenges faced by some states in demonstrating an ability to securely store sensitive information.

NSTIC hopes that the pilot program will produce trusted online credentials that meet its four guiding principles — that identity solutions be privacy enhancing and voluntary; secure and resilient; interoperable; and cost effective and easy to use.